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Introduction 


The Information Commissioner’s Audit Committee (the Committee) 
provides scrutiny, oversight and assurance of risk control and governance 
procedures. Minutes of its meetings are available on the |CO’s website at 


www.ico.org.uk. 
Membership and attendance 


The Committee’s chair is lan Watmore who is a non-executive director 
and member of the Management Board. 


There are two other members of the Audit Committee; Ailsa Beaton who 
is a non-executive director and member of the Management Board, and 
Roger Barlow who is an independent member. 


The Committee met on 8 June 2015, 7 September 2015, 7 December 
2015 and 7 March 2016. The members all attended all of the meetings. 


The Information Commissioner attended three meetings of the 
Committee, being represented by Simon Entwisle, Deputy Commissioner 
and Deputy Chief Executive Officer, when he was unable to attend. 


Representatives of the National Audit Office (NAO), the |CO’s external 
auditors, and Grant Thornton, who provide the |CO’s internal audit 
function, attended all of the meetings. 


Secretariat was provided by the Corporate Affairs department. 
Meetings during 2015/ 16 
The Committee has, as standing items at all of its meetings; 

e an update on current issues from the Information Commissioner; 


e areview of the risk register; 
e progress reports from the internal and external auditors; 


e discussion of audit reports and performance in clearing outstanding 
internal and external audit recommendations; and 
e areview of reported fraud, whistleblowing and security incidents. 


In addition during the year the Committee considered: 
e the Annual Report & Accounts for 2014/15 and 2015/16; 
e the registration fee strategy; 
e acritical IT hardware failure; and 
e progress in implementing the new purchase management system. 


Audit 


During the year the Committee reviewed the audit plan and performance 
against it on a continual basis, and considered internal audit reviews of: 
Recruitment; 

Performance appraisal; 

New finance system - benefits realisation; 

Core financial controls; 

Core operations - project Eagle; and 

Follow up. 


Grant Thornton made 27 recommendations during the year; of which 18 
have been actioned. 

e One recommendation remained outstanding from the 2014/15 year; 
for the ICO to review its Information Rights Strategy. It is planned 
to undertake this review by December 2016 following the 
appointment of the next Commissioner. 

e Nine other recommendations made in 2015/16 (including five 
improvement actions) remain outstanding as of the end of the 
15/16 year. One medium risk and one low risk actions had not been 
cleared by the expected date. 


The Committee noted the high number of recommendations where 
initially agreed action dates were missed. The Committee expressed the 
wish that agreed dates be realistic and be met. 


Grant Thornton’s Annual Internal Audit Report 2015/16 concluded that, in 
the areas examined, the activities of risk management, corporate 
governance and internal controls were suitably designed to achieve the 
objectives required, and activities and controls examined were operating 
with sufficient effectiveness to provide reasonable, but not absolute, 
assurance that the related objectives were achieved during the period 
under review. 


The NAO Audit Completion Report 2015/16 concluded that the 
Comptroller and Auditor General anticipate certifying the 2015/16 


financial statement with an unqualified audit opinion, without 
modification. 


Audit Committee Opinion 


Given the opinion of the internal auditors and external auditors as 
expressed in their annual reports, and the other information available to it 
from its work during the year, the Audit Committee can therefore provide 
the Accounting Officer with reasonable assurance that the |CO’s control 
mechanisms are working satisfactorily. 


The Committee is satisfied with the quality of internal and external audit 
and believes that by virtue of this work it is able to take a measured and 
diligent view of the quality of financial and other systems of reporting and 
control within the ICO. It is satisfied that, other than in the areas of 
potential weakness outlined above, the ICO has appropriate systems of 
internal control that work well. In respect of the potential areas of 
weakness, the Committee looks forward to continuous improvement in 
controls in the future. 


In respect of its own performance the Committee considers that it has 
directed the internal audit function towards areas relevant to the risks 
facing the ICO. It has constructively challenged both management and 
internal audit function and received a high level of cooperation and 
support from all concerned. Responses to audit recommendations are 
generally positive and the Committee is satisfied that management within 
ICO is committed to maintaining an appropriate level of internal control 
and prudent use of resources. 


This opinion feeds into the Commissioner’s drafting of the Governance 


Statement for 2015/16 which was considered by the Audit Committee at 
its March and June 2016 meetings. 
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